Privacy Policy
In the following, we inform you in accordance with the legal requirements – in particular the EU General Data Protection Regulation (GDPR, available at http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.DEU) – about the processing of personal data by our company.
Table of Contents
General Information
In this section of the Privacy Policy, you will find information on the scope of application, the data controller, its data protection officer and data security. We also explain in advance the meaning of important terms used in the Privacy Policy.
Important terms
Browser: Computer program for displaying web pages (e.g. Chrome, Firefox, Safari)
Cookies: Text files that the accessed web server places on the user’s computer by means of the browser used. The stored cookie information can contain both an identifier (cookie ID), which is used for recognition, and content data such as login status or information about visited web pages. The browser sends the cookie information back to the web server on subsequent, new visits to this page with each request. Most browsers accept cookies automatically. You can manage cookies using the browser functions (mostly under “Options” or “Preferences”). This allows the storage of cookies to be disabled, made dependent on your consent in individual cases or otherwise restricted. You can also delete cookies at any time.
Third countries: countries outside the European Union (EU)
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), available at http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.DEU
Personal data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiling: any type of automated processing of personal data consisting of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or change of location
Services: Our offerings to which this Privacy Policy applies (see Scope)
Tracking: The collection of data and its analysis regarding the behavior of visitors to our services.
Tracking technologies: The collection and analysis of data regarding the behavior of visitors to our Services.
Tracking Technologies: Tracking may occur both via the activity logs stored on our web servers (log files) and by means of data collection from your terminal device via pixels, cookies and similar tracking technologies.
Processing: any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or another form of allocation, alignment or combination, restriction, erasure or destruction.
Pixels: Pixels are also called tracking pixels, web beacons or web bugs. They are small, invisible graphics in HTML emails or on web pages. When a document is opened, this small image is loaded from a server on the Internet, and the download is registered there. This allows the server operator to see if and when an e-mail was opened or a web page was visited. Mostly this function is realized by calling a small program (Javascript). This way, certain types of information on your computer system can be detected and passed on, such as the content of cookies, the time and date of the page view, and a description of the page on which the tracking pixel is located.
Scope
This data protection declaration applies to the following offers:
- our online offer, available in particular at www.socialpals.de ;
- whenever this data protection declaration is otherwise referred to from one of our offers (e.g. websites, subdomains, mobile applications, web services or integrations in third-party sites), regardless of the way in which you access or use it.
All of these offerings are also collectively referred to as “Services”.
Responsible party
The party [Alternative: entity] responsible for data processing – i.e. the party [ entity] who decides on the purposes and means of processing personal data – in connection with the Services is:
socialPALS GmbH, Hauptstr. 18, 83607 Holzkirchen; datenschutz@socialpals.de,
Data protection officer
We are not obligated to appoint a data protection officer. Data protection in our company is therefore a matter for the management (“matter for the boss”). We are happy to receive inquiries about data protection at the above e-mail address; they will be forwarded immediately to the appropriate departments.
Data processing in detail
In this section of the data protection declaration, we inform you in detail about the processing of personal data within the scope of our services. For better clarity, we structure this information according to specific functionalities of our Services. During the normal use of the Services, different functionalities and thus also different processing operations may come into play one after the other or at the same time.
General information on data processing
Unless otherwise specified, the following applies to all processing operations described below:
a. No obligation to provide & consequences of non-provision
The provision of personal data is not required by law or contract and you are not obliged to provide data. We will inform you during the input process if the provision of personal data is required for the respective service (e.g. by designating it as a “required field”). In the case of required data, failure to provide it will result in the relevant service not being provided. Otherwise, failure to provide may result in our not being able to provide our services in the same form and quality.
b. Consent
In various cases, you have the option of giving us your consent to further processing in connection with the processing described below (where applicable, for part of the data). In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all modalities and the scope of the consent and about the purposes we pursue with these processing operations. The processing operations based on your consent are therefore not listed again here (Art. 13 para.4 GDPR).
c. Transfer of personal data to third countries
If we transfer data to third countries, i.e. countries outside the European Union, then the transfer takes place exclusively in compliance with the legally regulated permissibility requirements.
If the transfer of data to a third country is not for the performance of our contract with you, we do not have your consent, the transfer is not necessary for the assertion, exercise or defense of legal claims and no other exemption under Article 49 of the GDPR applies, we will only transfer your data to a third country if an adequacy decision under Article 45 of the GDPR or appropriate safeguards under Article 46 of the GDPR are in place.
One of these adequacy decisions is the Commission’s Implementing Decision (EU) 2016/1250 of 12.07.2016 on the so-called “EU-US Privacy Shield” (“Privacy Shield”) for the USA. For transfers to companies certified under the EU-US Privacy Shield, the level of data protection is generally deemed adequate within the meaning of Article 45 of the GDPR.
Alternatively or additionally, the conclusion of the EU standard data protection clauses issued by the European Commission with the receiving entity create appropriate guarantees pursuant to Art. 46 (2) c) GDPR and an adequate level of data protection. Copies of the EU standard data protection clauses are available on the European Commission’s website at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de.
d. Hosting with external service providers
Our data processing is carried out to a large extent using so-called hosting service providers, who provide us with storage space and processing capacity in their data centers and also process personal data on our behalf according to our instructions. It may happen with all of the functionalities mentioned below that personal data is transferred to hosting service providers. These service providers either process data exclusively in the EU or we have guaranteed an adequate level of data protection with the help of the EU standard data protection clauses (see under c.).
e. Transfer to government authorities
We transfer personal data to government authorities (including law enforcement authorities) if this is necessary for the fulfillment of a legal obligation to which we are subject (legal basis: Art. 6 para. 1 c) GDPR) or if it is necessary for the assertion, exercise or defense of legal claims (legal basis Art. 6 para. 1 f) GDPR
f. Storage period
The “Storage period” section indicates in each case how long we will use the data for the respective processing purpose. After this period has expired, the data will no longer be processed by us, but will be deleted at regular intervals, unless continued processing and storage is provided for by law (in particular because it is necessary for the fulfillment of a legal obligation or for the assertion, exercise or defense of legal claims) or you give us consent that goes beyond this.
g. Designation of data categories
In the next sections, the following summary category designations are used for certain types of data:
- Account data: login/user ID and password
- Personal master data: title, salutation/gender, first name, last name, date of birth
- Address data: street, house number, if necessary address additions, postal code, city, country
- Contact data: phone number(s), email address(es)
- Registration data: information about the service through which you have registered; timing and technical information about registration, confirmation and deregistration; data provided by you during registration
- Newsletter usage profile data: opening of the newsletter (date and time), content, selected links, also the following information of the accessing computer system: internet protocol address (IP address) used, browser type and version, device type, operating system and similar technical information
- Access data: date and time of the visit to our service; the page from which the accessing system reached our site; pages accessed during use; session identification data (session ID); also the following information of the accessing computer system: Internet protocol address (IP address) used, browser type and version, device type, operating system and similar technical information
Accessing our services
In the following, we describe how your personal data is processed when you call up our services (e.g. loading and viewing the website, opening and navigating within the mobile device app). In particular, we point out that the transmission of access data to external content providers (see under b.) is unavoidable due to the technical functioning of information transmission on the Internet. The third-party providers themselves are responsible for the data protection-compliant operation of the IT systems they use. The decision on the storage period of the data is the responsibility of the service providers.
a. Purpose of data processing and legal basis and, if applicable, legitimate interests, storage period
| Data category | Purpose | Legal basis | If applicable, legitimate interest | Storage period |
|---|---|---|---|---|
| Access data | Connection setup, display of the contents of the service, detection of attacks on our site based on unusual activities, error diagnosis | Art. 6 (1) b), f) GDPR | proper functioning of the services, security of data and business processes, prevention of misuse, prevention of damage due to interference with information systems [Please specify] | [Please specify] |
b. Recipients of personal data
| Recipient category | Data subject | Legal basis | Legitimate interest, if applicable |
|---|---|---|---|
| External content providers providing content (e.g. images, videos, embedded posts from social networks, advertising banners, fonts, update information) required to display the service | Access data | Art. 6 (1) f) GDPR, in case of transfer to the USA additionally Art. 45 GDPR in conjunction with Commission Implementing Decision (EU) 2016/1250 of 7/12/2016 on the so-called "EU-US Privacy Shield" | proper functioning of the services, (accelerated) display of content |
| IT security service provider | Access data | Art. 6 (1) f) GDPR | Prevention of attacks by exploiting security gaps / vulnerabilities |
Newsletter subscriptions
Below we describe how your personal data is processed when you subscribe to a newsletter:
a. Purpose of data processing and legal basis as well as legitimate interests, if applicable, storage period
| Data category | Purpose | Legal basis | If applicable, legitimate interest | Storage period |
|---|---|---|---|---|
| E-mail address | Verification of subscription (double opt-in procedure), sending of newsletter | Art. 6. (1) letter b) GDPR | Duration of newsletter subscription + 4 years | |
| Personal data | Personalization of the newsletter | Art. 6. (1) letter b) GDPR | Duration of newsletter subscription | |
| Registration data | Traceability of successful newsletter registration/confirmation /unsubscription | Art. 6. (1) letter b), f) GDPR | Proof of successful newsletter registration/ confirmation /unsubscription | Duration of newsletter subscription + 4 years |
| User profile data Newsletter | Interest-based design of the newsletter | Art. 6. (1) letter f) GDPR | Improvement of our service, advertising purposes | Duration of newsletter subscription |
b. Recipients of personal data
| Recipient category | Data subject | Legal basis | If applicable, legitimate interest |
|---|---|---|---|
| Service provider for newsletter dispatch | All data mentioned under 2.a. | Order processing (Art. 28 GDPR) |
Customer feedback
Below we describe how your personal data is processed when you contact our customer service:
a. Purpose of data processing and legal basis as well as legitimate interests, if applicable, storage period
| Data category | Purpose | Legal basis | If applicable, legitimate interest | Storage duration |
|---|---|---|---|---|
| Contact data, content of inquiries/complaints | Processing of customer inquiries and user complaints | Art. 6. (1) b), f) GDPR | Customer loyalty, improvement of our service | Processing of inquiry |
b. Recipients of personal data
We do not send customer inquiries to external providers. They are used exclusively for internal processing.
Demo order via our contact form
Below we describe how your personal data is processed when you order a demo from us via our contact form:
a. Purpose of data processing and legal basis as well as legitimate interests, if applicable, storage period
| Data category | Purpose | Legal basis | If applicable, legitimate interest | Storage duration |
|---|---|---|---|---|
| Contact data, address data, voluntary indication of the company (this enables conclusions to be drawn about your company affiliation) | Provision of our demo | Art. 6 Abs. 1 b) GDPR | Duration of contract initiation, in the event of conclusion of a business transaction: duration of the contractual relationship and another 10 years |
b. Recipients of personal data
| Recipient category | Data subject | Legal basis | If applicable, legitimate interest |
|---|---|---|---|
| Hosting service provider | All data mentioned under a) | Order processing according to Art. 28 GDPR |
Applications
Below we describe how your personal data is processed when you apply to us, e.g. as an employee:
a. Purpose of data processing and legal basis as well as legitimate interests, if applicable, storage period
| Data category | Purpose | Legal basis | Storage duration |
|---|---|---|---|
| Personal master data, contact data, address data, application folder content (curriculum vitae, certificates, other information provided by you); indication of application information; information on profession/hobbies | Identification; contacting; communication for contract initiation, age verification, applicant selection | Art. 6. (1) b) GDPR | 6 months after completion of the application process, longer in case of your explicit consent, then storage according to Art. 6 para. 1 a) GDPR |
b. Recipients of personal data
We do not send application documents to external providers. They are used exclusively for internal processing and applicant selection. You have the opportunity to declare express consent to longer storage so that we can consider you again in future application processes. Due to judicial development of the law, such consent is always valid for a period of one year and must therefore be renewed annually. If you do not give us your consent or give it too late, we are forced by law to delete it. We will not be notified of the expiry of the time limits.
Registration with us
In the following, we describe how your personal data is processed in connection with a customer relationship existing between you and us in our online portal:
a. Purpose of data processing and legal basis as well as, if applicable, legitimate interests, storage period
| Data category | Purpose | Legal basis | If applicable, legitimate interest | Storage duration |
|---|---|---|---|---|
| Personal master data, address data, contact data | Registration as a customer, identification, age verification, establishment of contact, provision of interest-based information, transmission of advertising for our own and third-party offers | Art. 6. (1) b), f) GDPR | Maintenance of the customer relationship, marketing of our services, advertising purposes | 10 years after processing of the last order |
b. Recipients of personal data
| Recipient category | Data subject | Legal basis | If applicable, legitimate interest |
|---|---|---|---|
| Marketing service provider | Personal master data, address data, contact data | Art. 6. (1) f) GDPR | Maintaining customer relations, advertising and marketing purposes |
| Collection service provide | Personal master data, address data | Art. 6. (1) b), f) GDPR | Payment for our services |
Tracking
Below we describe how your personal data is processed using tracking technologies to analyze and optimize our services.
The description of the tracking methods also includes information on how you can prevent or object to the data processing. Please note that this so-called “opt-out”, i.e. the refusal of processing, is usually stored via cookies. If you use our services via a new terminal device or in a different browser, or if you have deleted the cookies set by your browser, you will have to declare your rejection again.
The tracking methods presented process personal data only in pseudonymous form. A connection with a concrete, identified natural person, i.e. a combination of the data with information about the bearer of the pseudonym, does not take place.
a. Tracking or the analysis and optimization of our services and their use
- Purpose of processing
The analysis of user behavior by means of tracking helps us to check the effectiveness of our services, to optimize them and adapt them to the needs of users, and to correct errors. It also serves to statistically determine characteristic values about the use of our services (range, intensity of use, surfing behavior of users) – on the basis of uniform standard procedures – and thus to obtain values that are comparable across the market.
- Legal basis of processing
In the case of services that are provided by us in connection with a contract, the tracking and the associated analysis of user behavior are carried out in order to fulfill our contractual obligations. The legal basis for this processing of personal data is Art. 6 I b) GDPR. The evaluation of information obtained through tracking is necessary to provide you with optimized services in accordance with the contractual purpose and to ensure the greatest possible benefit to you.
Otherwise, i.e. outside a context of a contractual relationship, the legal basis for this processing of personal data is Art. 6 I f) GDPR. We use it to pursue the legitimate interest of providing attractive services as efficiently as possible on the basis of the information obtained through tracking and to market them in the best possible way.
b. Tracking service
For tracking purposes, we exclusively use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses cookies that enable an analysis of your use of the website. We have integrated this service via Google Tag Manager, which only helps us to manage such programs in easier operation.
We use Google Analytics including the functions of Universal Analytics. Universal Analytics allows us to analyze the activity on our services across devices (for example, accesses by laptop and later via a tablet). This is made possible by the pseudonymous assignment of a user ID.
The information generated by the cookie about your use of the website is usually transferred to a Google server in the USA and stored there, this is done under the Commission’s implementing decision (EU) 2016/1250 of 12.07.2016 on the so-called “EU-US Privacy Shield” (“Privacy Shield”), under which Google LLC is certified. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google. We have also extended Google Analytics on our services with the code “anonymizeIP”. This guarantees the shortening of your IP address so that all data is collected anonymously. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
On our behalf, Google will use this information for the purpose of evaluating your use of the services, compiling reports on the activities of the services and providing us with other services relating to the use of the services and the internet.
The data transmitted and linked to cookies or user IDs will be deleted after 26 months. The deletion of data whose retention period has been reached occurs automatically once a month.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our services.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. This plugin is provided by Google; we point out that we can neither check nor control its function.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set that prevents the future collection of your data when visiting the Services. The opt-out cookie is only valid in this browser and only for the respective website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
To prevent collection by Universal Analytics across different devices, you must perform the opt-out on all systems used.
Links to other websites, especially Facebook
This website contains links to other websites operated by third parties. We cannot check whether the respective website operator complies with data protection law. The respective provider is responsible for the data protection-compliant processing of the transmitted data.
This applies in particular, but limited to the initiation of processing, for our link to our Facebook fan page. By clicking on the link, you are going to the website of Facebook Inc. where personal data about you will be collected, stored and evaluated, as well as merged into user profiles. This serves, among other things, the purpose of marketing your user profile by Facebook Inc. and its affiliated companies. By operating the Fanpage, we give rise to the processing. Whether this results in us being the data controller is currently the subject of a court case before the European Court of Justice (Case No. C-210/16) and has not yet been conclusively decided. Until a final decision is made, we assume in accordance with the Higher Administrative Court of Schleswig-Holstein (Case No. 4 LB 20/13) that we are not responsible under data protection law for data processing by Facebook Inc. Which data Facebook collects exactly is beyond our knowledge; however, at a minimum, Facebook collects your access data, as well as your click path. If you are logged in to Facebook with a user account at the same time, you must assume that Facebook collects, stores, processes, analyzes, merges with other data, aggregates and markets comprehensive information about you. If you do not want this, log out of all services before clicking on the link.
| Name of the service | Provider | Privacy information of provider |
|---|---|---|
| Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA | https://de-de.facebook.com/about/privacy/ |
Data subject rights
Right of objection
If we process your personal data for the purpose of direct marketing, you have the right to object at any time with future effect to the processing of personal data relating to you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.
You also have the right to object at any time with future effect to the processing of personal data concerning you which is carried out pursuant to Article 6(1)(e) or (f) GDPR on grounds relating to your particular situation; this also applies to profiling based on these provisions.
You can exercise the right of objection free of charge. In order to process your request more quickly, please prefer to use our form under the following link:
Alternatively, you can reach us via the contact details mentioned under I.3, among others, or use the following email: datenschutz@socialpals.de
Right to information
You have the right to request confirmation from us as to whether personal data concerning you is being processed and, if applicable, to request information about this personal data and the other information listed in Art. 15 GDPR.
Right of rectification
You have the right to request that we correct any inaccurate personal data concerning you without undue delay (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
Right to erasure ("right to be forgotten")
You have the right to demand that we delete personal data concerning you without undue delay, provided that one of the reasons set out in Art. 17 (1) GDPR applies and the processing is not necessary for one of the purposes regulated in Art. 17 (3) GDPR.
Right to restriction of processing
You are entitled to request a restriction in the processing of your personal data if one of the conditions regulated in Art. 18 (1) letter a) – d) GDPR applies.
Right to data portability
You have the right, under the conditions set out in Art. 20 (1) GDPR, to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and the right to transfer this data to another controller without hindrance from us. When exercising the right to data portability, you have the right to obtain that the personal data be transferred directly from us to another responsible party, insofar as this is technically feasible.
Right of revocation in case of consent
Insofar as the processing is based on your consent, you have the right to revoke your consent at any time. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this.
Right of complaint
You have a right of appeal to the supervisory authority responsible for our company. The supervisory authority responsible for our company is:
Bavarian State Office for Data Protection Supervision, Promenade 27 (Castle), 91522 Ansbach, Phone: +49 (0) 981 53 1300, Fax: +49 (0) 981 53 98 1300, E-mail: poststelle@lda.bayern.de; https://www.lda.bayern.de/de/index.html#
Status: 5/25/2018